
Notes

Bookmarked https://wptavern.com/wordfence-and-wpscan-publish-mid-year-wordpress-security-report. And over two thirds of them …

Bookmarked https://wptavern.com/wordfence-and-wpscan-publish-mid-year-wordpress-security-report.

And over two thirds of them stem from not escaping, or wrongly escaping, user inputs, and would’ve been avoided by running a static analyzer, like PHPCS with WordPress’s ruleset.

The vast majority of the vulnerabilities you hear about in the WordPress ecosystem come from plugins[.]

This is what most “notes”—this particular one being …

This is what most “notes”—this particular one being a reply—typically look like in my WordPress editor. If it were a bit longer, I’d probably have the outgoing link in the e-content itself, but for shorter notes, a brief introduction/post context works well enough. Note that this “context” is purposely kept out of the e-content, so as not to show Microsub (or otherwise mf2-compatible) readers the same information twice. (Most, if not all, Microsub apps explicitly display reply-to URLs above replies. “Regular” RSS subscribers get to see the entire entry.) The title, by the way, is automatically generated and neither given a p-name class on the front end nor shown in RSS, which is the way it should be (for notes).

My WordPress post editor, showing a microformatted "note"

Bookmarked https://css-tricks.com/view-source-on-mobile/. Yes! Firefox on Android used to …

Bookmarked https://css-tricks.com/view-source-on-mobile/.

Yes! Firefox on Android used to actually have “View Source,” and I’d use it fairly often, too, dangit.

Have you ever wished you could see the HTML source of a web page while on a mobile browser, which generally doesn’t offer that feature?

Update: Turns out prefixing a URL with “view-source:” still works! Thank you, Josh.

Bookmarked https://sebastiandedeyne.com/the-monetization-trap/. Yep, keep noticing this, too, and …

Bookmarked https://sebastiandedeyne.com/the-monetization-trap/.

Yep, keep noticing this, too, and it’s f—king dumb.

Not everything has to be for money. We’re engineers; we’re already in the, like, top 5% or so. I’ve got my investment account generating plenty passive income I’ll likely never need.

Everyone and their dog seemed to have a project that generates passive income; I want a slice too!

Added a job to my feed aggregator/Microsub server …

Added a job to my feed aggregator/Microsub server that quickly validates mf2 media, i.e., the URLs that end up in entries’ photo and video arrays, by means of a HEAD request. If the server returns a 404 (or similar), the URL is probably faulty (e.g., the result of a misplaced u-photo tag), and the item is removed from the list. No more (well, definitely less) “broken images” below posts!
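A sketch of the HEAD-request check described in the note above, added here as an example; it is not the code of the aggregator itself. The function names, the entry layout (an mf2-style dict with `photo` and `video` lists), and the choice to keep URLs on network errors or on 405/501 are assumptions.

```python
import http.client
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Assumption: these statuses mean "HEAD not supported", not "media missing".
HEAD_UNSUPPORTED = {405, 501}


def head_status(url, timeout=5.0):
    """Return the status code of a HEAD request, or None on a network error."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code  # urllib raises for 4xx/5xx; the code is what we want
    except (urllib.error.URLError, http.client.HTTPException, OSError):
        return None  # DNS failure, timeout, refused or broken connection


def is_live(url, probe=head_status):
    """Decide whether a media URL taken from a feed should be kept."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False  # malformed URL
    # Feed content is untrusted input: only probe absolute http(s) URLs.
    if parts.scheme not in ("http", "https") or not host:
        return False
    status = probe(url)
    if status is None or status in HEAD_UNSUPPORTED:
        return True  # assumption: no proof the URL is bad, so keep it
    return status < 400


def prune_media(entry, probe=head_status):
    """Return a copy of an mf2-style entry without dead photo/video URLs."""
    cleaned = dict(entry)
    for prop in ("photo", "video"):
        if prop in entry:
            # mf2 JSON allows plain URL strings or {"value": ..., "alt": ...}.
            cleaned[prop] = [
                item for item in entry[prop]
                if is_live(item.get("value", "") if isinstance(item, dict) else item, probe)
            ]
    return cleaned
```

The `probe` parameter exists so the job can be exercised without network access; in production the default `head_status` is used.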

Interestingly, my “Press This” bookmarklet still works, and …

Interestingly, my “Press This” bookmarklet still works, and its use correctly results in a new “bookmark” (rather than a “regular” post). Must’ve done something right! Next up: make those “read” posts instead! Ultimately, I want a new CPT for reads, one that I’ll likely keep private. I also want each new “read” to lead to the item being added to my feed reader (and read-it-later app).